RSA Trends: Cloud, IoT, Cybersecurity Skills Gap Drive Security Services Demand

By George Hulme

When it comes to the business of information security and the big technology trends that will likely shape the year ahead, the RSA Conference is perhaps the most important source of insights. And with a record attendance of more than 43,000, RSAC 2017 was no exception. (See my top seven startups here.)

The cybersecurity trends that stood out this year were cloud and container security, machine learning, securing the Internet of things, rugged DevOps and the growing managed security services market. Let’s look at a few of these.

AI and Machine Learning: About three-fourths of the vendors on the expo floor touted some level of artificial intelligence or machine-learning capabilities. Currently, however, most of the machine-learning capabilities discussed are just like the Bayesian techniques in spam filters and heuristics commonly found in anti-malware software — but now, new and improved!

Bottom line, much of the talk around AI and machine learning is currently more hype than reality, which makes it difficult for channel partners and end users to understand what’s real and what’s marketing.{ad}

Cloud On Track: In contrast, when it comes to cloud, things have hit a tipping point. According to a report published by cloud access security broker Skyhigh Networks and the Cloud Security Alliance, titled “Custom Applications and IaaS Report 2017,” the use of cloud in the enterprise has hit an all-time high, and the use of custom apps is growing rapidly. According to the report, enterprises typically run 464 custom applications; yet, information security teams are aware of only 38.4 percent of those apps. Enterprises need partners that can help them identify and effectively manage this shadow IT that is growing in their organizations.

What’s more, use of software as a service is growing 10 times as rapidly as traditional IT, and infrastructure as a service is growing at twice that rate. According to the Skyhigh Networks and CSA report, this year, for the first time, infrastructure-as-a-service providers will host more custom applications than are held in corporate data centers.

Current projections on security spending for this and the next few years match the survey results. According to research firm IDC, spending on cloud IT infrastructure will grow 18.2 percent to reach $44.2 billion this year. More than 60 percent of that will be in the public cloud, while private-cloud environments will be just shy of 15 percent.

Additionally, IDC forecasts that worldwide security-related spending will grow just north of 8 percent, and global revenues for all security-related IT spending will reach $102 billion from $74 billion today. 

An Intel Security report released the week of the show, “Building Trust in a Cloudy Sky: The State of Cloud Adoption,” also found that enterprises are challenged to keep up with …

{vpipagebreak}

… the cloud-driven shadow IT in their organizations. A majority of respondents to this report viewed the trend of employees turning to cloud services and circumventing traditional IT departments as harming enterprise security efforts. And just over half (52 percent) of those surveyed said that cloud apps are an initial source of malware infections.

The New Front Line Is Everywhere: Another significant trend this year, which is finally starting to move out of hype and into the reality category, is the securing of Internet of Things devices, along with all the associated monitoring, management and breach response that will be required.

In his talk, “Where Bits and Bytes Meets Flesh and Blood,” Josh Corman, founder and director, Cyber Statecraft at Atlantic Council, gave a stark warning regarding the current state of IoT security. In doing so, he cited many real-world examples of instances where poorly secured digital infrastructure is placing lives at risk, especially when it comes to medical delivery and critical infrastructure. One such case: An ambulance carrying a patient to the hospital was diverted to another location because the intended hospital had fallen prey to a ransomware infection and was unable to accept incoming patients in the emergency room.

“You’re in an ambulance, probably the most terrifying moment in your life. Seconds matter and you have to be directed somewhere else, even if it’s just three blocks up the street — how is that acceptable?” Corman asked.{ad}

Service Providers Help Fill the Skills Gap: The supply of skilled cybersecurity professionals seems unable to catch up to demand. According to the industry association group ISACA’s report, “State of Cyber Security 2017,” 59 percent of the organizations they surveyed received five job applicants per opening. Typically, corporations get 60 to several hundred applications per opening.

The ISACA report also found that, for 55 percent of enterprises, it takes a minimum of three months to fill an information security vacancy. For 32 percent of enterprises, it’s taking six months or more to fill those positions.

When considering the steep challenges that enterprises face in finding the security professionals they need, coupled with the rapid adoption of cloud, mobile and now IoT, it’s no wonder that security services continue expanding so rapidly. A report recently published by Allied Market Research estimates that the global managed security services market will grow at a 16.6 percent annual clip between now and 2022.

And there’s a good chance that five years from now, RSA conference attendees will be discussing not how these challenges were solved, but how they grew in complexity.